^asoninadatabaseinamannertend^t * 

a . obtaining, from each use, «™ , he contenl luch pe,sona. 
data base, personal informanon ot ■ 

(llment phase. 

information initial established by sue us 7 al idennte s 

associated with such user, the P » 

provided by such user in the enrollment phas*/ ^ ^ ^ ^ 

data set including such user spe 7 and 

physiological — ^ 

physiological idenffiers and (n ^ ^ ^ fe , he new se » 

as such user. / 

/ , ,, im i further comprising 

includessuchuser.idica,— ^ 

use ,s medical intorltion in the and it „ 

thesub.ctprovidlanewsetotphys*^^ 

determinedly recourse to the stored data set, 



beW eenaUeas t one m e mb eHn th ene W se l an d aco tr espona i n gm e m y*e 
fir5t set^anhesu^ect^ 

8 . (Tw iceamended) A -oa.-»S^^.*^ nl 

one member seiected from the group coning of charac^r 
such user and the appearar^u*use^ace 

purporting to provide them. 

^-*-w , -* ,B,,pd,,,,te ^ 

information in the data set percent to such user. 

. j\ ./method according to claim 1, further comprising: 

set. 

17 . ^(amended) A method for authenticating a user transaction, the 
method comprising: 



■A 



0 btainmS ates 
^easpeaficuser; . . . „, „e*>ent « 



abject put]? 




• test set otpny-- - 
obtairungatest the spef * user 

,e a specif user; set pertinent to y ded 

^ ,^ersinasepara te ihc u set," 

*»* Wt " ^ftc user, and OS).**"* .X^athasbee* 
es^shedbytnespecAc . ted wi * *e spea^* deI conditions 

determining / hysio logical ide 11 

^e^se^daccespcnj^ 



set 



* f there is a suu — " 

determining «P a network ■ 



(a) the specific user's personal information obtained from the specific 



user; 

(b) a representation of ^ first set of physiological identifiers associated 
with the specific user; and 

(c) the specific user'^ emergency information obtained from the 
specific user; 

the storage medium being rafaintained under conditions wherein modification by 
a subject of such personal and emergency information in a stored data set 
pertinent to the specific user is permitted only if (i) the subject provides a new set 



up 



of physiological identif ijrs and (ii) it is determined, by recourse to the stor^ 
data set, that there is a^sufficient match between at least one member ij^the new 
set and a corresponding member of the first set, so that the subject i 
authenticated as the specific user. 



30. (Amended) * A system for updating a personal info/rnation database 
containing a data set for each one of multiple users, eacft data set including a 
user's personal information and a representation of a^first set of physiological 
identifiers associated with the user, the system comprising: 

a. a physiological identifier transducer having an output representing 
a physiological identifier associated with a subject; 

b. a user access authorization module, coupled to the physiological 
identifier transducer and to the database, for determining whether the output of 
the physiological identifier transducer sufficiently matches the representation of 
the first set of physiological identifiers, so that the subject is authenticated as the 
user; 

c. a user data set access module, coupled to the user access 
authorization module andio the database, for accessing the user data set, in the 
event that the user access authorization module has authenticated the subject as 
the user; and 
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d. a user data set update module, coupled to the databas^, to the user 
data set access module, and to a user input, permitting the user to update such 
user's personal information in the corresponding data set in the database in the 
event that the user data set access module has provided access to the user data 
set. 



31. (Twice amended) A system for authenticating transactions, the system 
comprising: 

a. a multi-user personal information data tfase, the data base comprising, for 
each specific user, a data set pertinent to the Specific user, the data set including: 

(i) personal information, of the specific/user, that has been established by the 
specific user; 

(ii) a representation of a first set o££hysiological identifiers, associated with 
the specific user, that has been provided by the specific user; 
the data base being maintained urfcler conditions wherein modification by a 
subject of a user's personal information in a stored data set pertinent to the 
specific user is permitted only if (i) the subject provides a new set of 
physiological identifiers and (ii) it is determined, by recourse to the stored data 
set, that there is a sufficient match between at least one member in the new set 
and a corresponding member of the first set, so that the subject is authenticated 
as the specific user; 

b. a multiplicity/bf remotely distributed terminals in communication with 
the data base, each/terminal including a physiological identifier transducer and a 
communication link with a merchant; and 

c. an authenticity checker, which determines whether there is a sufficient 
match between the output of a physiological identifier transducer attributable to 
a subject purporting to be a user and a physiological identifier in the first set. 



36. (Amended) A method of administering personal information in a data base in 
a manner tending to assure integrity of data therein, the data base being of a type 



, obtaining to>» asU ' -^W*** 01 „ al information* 
b .pertnitungthes 1 Z d , by recourse anda 

user. 



t -is 41-50 as follows^ 

Please add newcU^_^_ ^39,**** 

/ d according to any 
41 . ^ 1N e«)A^' .^newsetofP^do? 




/ { the new set 01 y ; 

co^S-/ tati „nofa.leastoneO 

U of physiolo^ ^ ^ compri smg: 

mine a tVurd party ,4 3 t a set without r en 

permitting* d data se matches a 

responding 

data set. 
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44. (New) A method according to claim 43, wherein the specified 
merchant. / 



id is a 




45. (New) A method according to claim 2, further comprising: 
permitting a third party of a specified kind to view imt not modify the 

user's medical information in the stored data set without requiring such third 
party to provide a physiological identifier that sufficiently matches a 
corresponding member of the first set of physiological identifiers stored in the 
data set. 

46. (New) A method according to clai?n 45, wherein the specified kind is a 
health care provider. 

47. (New) A method according/to any of claims 1 and 2, further comprising: 
providing, to each user, /token indicating that the user has provided 

information to the data base. 

48. (New) A method According to claim 47, wherein the token comprises a 
card. 



49. (New) A method according to claim 47, wherein the token includes an 
identifier that, wnen presented to the data base by a third party, enables such 
third party to access but not modify the user's information in the data base. 

50. (New) A method according to claim 49, wherein the identifier comprises: 
a record number identifying the data set pertinent to such user. 
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